Method and device for producing an encrypted payload data stream and method and device for decrypting an encrypted payload data stream

ABSTRACT

In a method for producing an encrypted payload data stream comprising a header and a block containing encrypted payload data, a payload data key for a payload data encryption algorithm for encrypting payload data is generated. The payload data is encrypted using the generated payload data key and the payload data encryption algorithm to obtain the block containing the encrypted payload data of the payload stream. A part of the payload data stream is processed to deduce information marking the part of the payload data stream. The information is linked with the payload data key by means of an invertible logic linkage to obtain a basic value. This basic value is finally encrypted using a key of two keys being different from each other by an asymmetrical encryption method, the two different keys being the public and the private keys respectively for the asymmetrical encryption method to obtain an output value being an encrypted version of the payload data key. The output value is finally entered into the header to complete the payload stream. Changes of the header and of the payload data itself, which are not authorized, lead to an automatic destruction of the payload data.

FIELD OF THE INVENTION

The present invention relates to the encryption and decryption of payload data and in particular to an encryption concept in which the payload data is encrypted by means of a certain key, the key being encrypted in turn to realize a customer-selective transmission of payload data.

BACKGROUND OF THE INVENTION AND PRIOR ART

With the occurrence of telecommunication networks and in particular due to the huge spreading of multimedia data-capable personal computers and, most recently, of so-called solid state players, a need has arisen to market digital multimedia data, such as digital audio data and/or digital video data, commercially. Telecommunication networks for example can be analog telephone lines, digital telephone lines, such as ISDN, or the Internet. Among the commercial providers of multimedia products there is a need to sell or lend multimedia data, wherein it should be possible for a customer to be able to select a certain product individually at any time from a certain catalogue, this product then of course being only allowed to be used by the customer who has paid for it.

Unlike well-known encrypted television programs, such as the television channel Premiere, in which the emitted data is encrypted in the same way for all users who have acquired a suitable decryption device by paying a certain charge, the present invention is to provide methods and devices enabling an individual, customer-selective and safe encryption and decryption of multimedia data. Unlike the television channels mentioned above which give a fixed program all of which the user has to decide for, the methods and devices of the present invention enable a maximum freedom of selection for the user, which means that the user has only to pay for those products he or she actually wants to use.

DE 196 25 635 C1 describes methods and devices for encrypting and decrypting multimedia data, the multimedia data being present in the form of an encrypted multimedia file comprising a destination data block and a payload data block. Parts of the destination data block and at least some parts of the payload data block are encrypted by means of different keys, especially symmetrical encryption methods being used.

Symmetrical encryption methods on the one hand have the advantage that they can work relatively quickly, on the other hand the user who wants to decrypt the file needs the same key as the provider, such as the German company Deutsche Telekom, who has encrypted the multimedia data to sell it to the customer. Thus, both the provider and the user, that is the customer, on the one hand have a table with many possible symmetrical encryption algorithms, such as DES or Blowfish, and on the other hand a table for possible keys in such a way that the provider generates an entry into the destination data block of the multimedia data, the entry being used by the user to access his key table to select the correct key for the encryption.

Due to the rapidly increasing spreading of the MP3 standard so-called solid-state-players have emerged on the market, these players being used for decrypting and replaying multimedia data. These instruments are intended to be good value and thus can only comprise a limited amount of memory space and computing power. Unlike personal computers in which the resources present exceed the resources necessary for decrypting multimedia by far, solid-state-players or stereo systems or car hi-fi instruments must be good value in order to be competitive on the hard fought for market. In addition it is necessary to relieve these instruments, concerning the computing power and memory space, as far as possible when decrypting and replaying the decrypted multimedia data. On the other hand there is still the demand that the encryption techniques used be adequately safe to be trustworthy for the customer and to prevent an abuse even of encrypted multimedia data. In addition copyright violations are to be fought effectively, especially when multimedia data is replayed without an authorization by the author or the commercialisation company respectively or when it is changed without having an authorization to do so.

SUMMARY OF THE INVENTION

It is the object of the present invention to create an efficient and safe concept for encrypting and decrypting of multimedia data respectively.

In accordance with a first aspect of the present invention, this object is achieved by a method for producing a payload data stream comprising a header and a payload data block containing encrypted payload data, comprising the following steps: generating a payload data key for a payload data encryption algorithm for encrypting payload data; encrypting payload data using said payload data key and said payload data encryption algorithm to obtain an encrypted section of said payload data block of said payload data stream; processing a part of said payload data stream to deduce information marking said part of said payload data stream; linking said information and said payload data key by means of an invertible logic linkage to obtain a basic value; encrypting said basic value using a key of two keys being different from each other by an asymmetrical encryption method, said two different keys being the public and the private keys respectively for said asymmetrical encryption method, to obtain an output value being an encrypted version of said payload data key; and entering said output value into said header of said payload data stream.

In accordance with a second aspect of the present invention, this object is achieved by a method for decrypting an encrypted payload data stream comprising a header and a payload data block containing encrypted payload data, said header comprising an output value having been generated by an encryption of a basic value by an asymmetrical encryption method using a key of two different keys including a private and a public key, said basic value representing a linkage of a payload data key, with which said encrypted payload data is encrypted using a payload data encryption algorithm, and information deduced by a certain processing, said information marking a certain part of said payload data stream unambiguously, said method comprising the following steps: obtaining said output value from said header; decrypting said output value using the other key of said asymmetrical encryption method to obtain said basic value; processing a part of said payload data stream using the processing method used for encrypting to deduce information marking said part, said part corresponding to said certain part when encrypting; linking said information and said basic value using the corresponding linkage as it has been used when encrypting to obtain said payload data key; and decrypting said block containing encrypted payload data using said payload data key and said payload data encryption algorithm used when encrypting.

In accordance with a third aspect of the present invention, this object is achieved by a device for producing an encrypted payload data stream comprising a header and a payload data block containing encrypted payload data, comprising: means for generating a payload data key for a payload data encryption algorithm for encrypting said payload data; means for encrypting payload data using said payload data key and said payload data encryption algorithm to obtain an encrypted section of said payload data block of said payload data stream; means for processing a part of said payload data stream to deduce information marking said part of said payload data stream; means for linking said information and said payload data key by means of an invertible logic linkage to obtain a basic value; means for encrypting said basic value using a key of two keys being different from each other by an asymmetrical encryption method, said two different keys being the public and the private keys respectively for said asymmetrical encryption method to obtain an output value being an encrypted version of said payload data key; and means for entering said output value into said header of said payload data stream.

In accordance with a fourth aspect of the present invention, this object is achieved by a device for decrypting an encrypted payload data stream comprising a header and a block containing encrypted payload data, said header comprising an output value having been generated by an encryption of a basic value by an asymmetrical encryption method using a key of two different keys including a private and a public key, said basic value representing a linkage of a payload data key, with which said encrypted payload data is encrypted using a payload data encryption algorithm, and information deduced by a certain processing, said information marking a certain part of said payload data stream unambiguously, said device further comprising: means for obtaining said output value from said header; means for decrypting said output value using said other key and said asymmetrical encryption method to obtain said basic value; means for processing a part of said payload data stream using the processing method used when encrypting to deduce information marking said part, said part corresponding to said certain part when encrypting; means for linking said information and said basic value using the corresponding linkage as it has been used when encrypting to obtain said payload data key; and means for decrypting said block containing encrypted payload data using said payload data key and said payload data encryption algorithm used when encrypting.

The present invention is based on the fact that a so-called hybrid encryption method has to be used in order to achieve a safe and efficient encryption, wherein the faster, for example symmetrical, encryption method or scrambling method is used for encrypting and decrypting the payload data respectively, while the slower, asymmetrical encryption concept is only used to encrypt the payload data key for the symmetrical encryption concept for example and to transmit it in this encrypted form to a user so that the user in turn can decrypt the encrypted payload data stream. Furthermore the encrypted payload data stream, which on the one hand can be a payload file or on the other hand a continuous data stream, is to be protected from illegal manipulations. In order to realize this in an efficient way and, as far as computing time is concerned, as time-saving as possible, the payload data stream itself is included in the asymmetrical encryption method for encrypting the payload data key.

It is pointed out at this stage that payload data in general includes multimedia data, that is audio data, video data or a combination of audio data and video data, but also text data for example and even binary data, such as for example executable programs. For practical reasons the subject matter of the present invention will be disclosed using multimedia data. It is however clear that all the payload data for which there is a demand for encryption can be processed by the devices and methods according to the invention.

A hash sum of a part of the multimedia data stream is preferably produced. This part could on the one hand be the header of the multimedia stream only and, on the other hand, also include parts of the encrypted and decrypted multimedia data itself.

An output value in the header which is transmitted to the customer, along with the at least partly encrypted multimedia data, in the form of multimedia data stream in a certain sense represents an encrypted version of the multimedia key, wherein to decrypt this output value again correctly to obtain the multimedia data key, apart from the key for the asymmetrical encryption method, this can be individual data created by the provider, such as license data which refers to the way how a user is allowed to use the encrypted multimedia data, as well as parts of the multimedia data itself. If a user manipulates the header by changing the expiration date of his license to use a certain piece of multimedia for example, he can on no account find out the correct key for decrypting the encrypted multimedia data since a correct decryption of the output value will no longer be possible.

It is a substantial advantage of the method that, as soon as somebody changes the header, the hash sum on the header changes, too. Thus it is no longer possible to find out the key for decrypting the multimedia data correctly. Thus any change of the header automatically leads to the destruction of the multimedia data itself.

This “implicit” protection of the header does not include an encryption of the header, which is why it does not have to be decrypted, a fact that in turn can be made use of for saving resources in the replay instruments. Of course such an encryption of the header would easily be possible if there were the wish to do so.

In an analogous way a change of the multimedia data, when encrypted or unencrypted multimedia data itself is included in the encryption of the multimedia data key, leads to an automatic destruction of all the multimedia data.

BRIEF DESCRIPTION OF THE DRAWINGS

Preferred embodiments of the present invention are hereinafter described in detail referring to the appended drawings, in which:

FIG. 1 shows a multimedia data stream which can be produced according to the present invention;

FIG. 2 shows a detailed illustration of the header and the payload data block of the encrypted multimedia data stream;

FIG. 3 shows a selection of certain entries into the individual subblocks of the header block;

FIG. 4 shows a flow chart of the method for producing an encrypted multimedia data stream according to the present invention, which is preferably carried out at a distributor, that is a provider, of multimedia data; and

FIG. 5 shows a method for decrypting an encrypted multimedia data stream according to the present invention, which is preferably carried out at the customer or user of the multimedia data.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

FIG. 1 shows an encrypted multimedia data stream 10 comprising a header 12 and a payload data block 14, that is a block containing encrypted multimedia data. The payload data block 14 includes encrypted sections 16 and unencrypted sections 18 between the encrypted sections 16. In addition a multimedia data stream which can be produced according to the present invention includes a further unencrypted section 20 following the header 12 and being arranged in front of an encrypted section 16.

Usually the multimedia data to be encrypted is encoded in any way, such as according to a MPEG standard, such as MPEG-2 AAC, MPEG-4 audio or MPEG Layer-3. It is thus sufficient to encrypt certain sections of the multimedia data to be encrypted. This leads to an essentially decreased processing expenditure both at the provider who encrypts the data and at the customer who in turn has to decrypt the data. Furthermore, the pleasure of hearing and seeing respectively of a user who only uses the unencrypted multimedia data is seriously impaired by the constantly occurring encrypted blocks, when the multimedia data is only encrypted partly.

Although FIG. 1 shows an encrypted multimedia data stream in which the header 12 is arranged at the beginning of the encrypted multimedia data stream this arrangement of the header and the payload data block is not to refer to the transmission of the encrypted multimedia data stream. The term “header” is only meant to express that a decryption device which is to decrypt the encrypted multimedia data stream at first requires at least parts of the header before the multimedia data itself can be decrypted. Depending on the transmission medium the header may also be arranged at some place in the payload data block or be received after certain parts of the payload data block when for example a packet-oriented transmission of the multimedia data stream is thought of, in which different packets, one of which may contain the header and another one a part of the payload data block, are transmitted via different physical transmission ways in such a way that the order of receipt does not have to correspond to the order of sending. However, in this case a decryption device has to be able to save the packets received and to order them again in such a way that information is extracted from the header to begin the decryption. The encrypted multimedia data stream may further be present in the form of a file or also in the form of an actual data stream, when for example a live transmission of a multimedia event is thought of. This application will especially occur with digital user-selective broadcasting.

The length of an encrypted section 16 is represented by a value amount 22 while the spacing in the encrypted multimedia data stream from the beginning of an encrypted section 16 to the beginning of the next encrypted section 16 is referred to as step 24. The length of the further unencrypted section 20 is given by a value first step 26.

These values 22, 24 and 26 are obviously required for a correct decrypting of the multimedia data in a decryption device. This is why they have to be entered into the header 12 as will be explained later.

FIG. 2 shows a more detailed illustration of the encrypted multimedia data stream 10 consisting of the header 12 and the payload data block 14. The header 12 is divided into several subblocks which will be explained especially referring to FIG. 3. It is pointed out that the number and the function of the subblocks can be extended at will. Thus, in FIG. 2 some subblocks of the header 12 are illustrated in an only exemplary way. The header includes as it is shown in FIG. 2 a so-called crypt-block 29 comprising, in general terms, relevant information for encrypting the multimedia data. In addition the header 12 includes a so-called license block 30 comprising data referring to how a user can or is allowed to use the encrypted multimedia data stream. The header 12 further includes a payload data info block 32 which can include information concerning the payload data block 14 as well as general information about the header 12 itself. Furthermore the header 12 may comprise an old header block 34 enabling a so-called recursive header structure. This block makes it possible for the user who, apart from a decryption device is also in the possession of an encryption device to reformat an encrypted multimedia data stream for other replay instruments in his possession without losing or modifying the original header information provided by the distributor. Depending on the application further subblocks, such as an IP information block (IP=intellectual property) according to ISO/IEC 14496-1, MPEG-4, Systems, 1998, containing copyright information, can be added to the header 12.

As it is the standard in the art, an internal block structure can be allocated to each block, this structure at first requesting a block identifier and including the length of the subblock and at last giving the block payload data itself. Thus, the encrypted multimedia data stream, and in particular the header of the encrypted multimedia data stream, is given an increased flexibility in such a way that it can react to new requirements in such a way that additional subblocks may be added or existing subblocks may be omitted.

FIG. 3 gives an overview of the block payload data of the individual subblocks shown in FIG. 2.

At the beginning the crypt block 28 is explained. It contains an entry for a multimedia data encryption algorithm 40 identifying the symmetrical encryption algorithm used in the preferred embodiment, which has been used when encrypting the multimedia data. The entry 40 can be an index for a table in such a way that, after reading the entry 40, a decryption device is capable of selecting this encryption algorithm the encryption device has used from a plurality of encryption algorithms. The crypt block 28 further includes the entry first step 26, the entry step 24 and the entry amount 22, which has already been illustrated in connection with FIG. 1. These entries in the header enable a decryption device to subdivide an encrypted multimedia data stream accordingly to be able to carry out a correct decryption.

The crypt block 28 further contains an entry for the distributor or provider or supplier 42, the entry being a code for the distributor who has produced the encrypted multimedia data stream. An entry user 44 identifies the user who has obtained the encrypted multimedia data stream in some way from the distributor who is identified by the entry 42. It is a possible application of these identification codes to carry out the user identification code in a device-specific way. The entry user would then contain the serial number of a PC, a laptop, a car hi-fi device, a home stereo system etc., allowing a replay on the specific instrument only. For a further increase of the flexibility and/or safety, a special identification code such as a logic linkage of the hard disk size and the processor number etc., in the example of a PC, could be employed instead of the serial number which looks different with every producer but may be identical accidentally.

The entry 46 contains an output value which will be discussed in detail later. This output value in general represents an encrypted version of the multimedia data key which, in connection with the multimedia data encryption algorithm identified by the entry 40, is required to decrypt the encrypted multimedia data (sections 16 in FIG. 1) present in the payload data block 14 correctly. In order to achieve a sufficient flexibility for future applications, the two entries output value length 48 and output value mask 50 are further provided. The entry output value length 48 illustrates the actual length of the output value 46. To achieve a flexible header format more bytes are however provided in the header format for the output value than an output value actually comprises. The output value mask 50 thus illustrates how a shorter output value is distributed in a way on a longer output value place. If the output value length is for example half as big as the space available for the output value, the output value mask could be formed in such a way that the first half of the output value mask is set while the second half is masked. In this case the output value would simply be entered into the space provided for the header by the syntax and occupy the first half while the other half would be ignored due to the output value mask 50.

Now the license block 30 of the header 12 will be explained. The license block includes an entry bit mask 52. This entry can comprise certain specific information for replaying or for the general way of using the encrypted multimedia data. With this entry a decryption device could especially be told whether the payload data can be replayed locally or not. In addition at this point it may be signalled whether the challenge response method has been used for the encryption, this method being described in the already mentioned German patent DE 196 25 635 C1 and enabling an efficient data base access.

An entry expiration date 54 indicates the point in time at which the permission to decrypt the encrypted multimedia data stream expires. A decryption device will in this case check the entry expiration date 54 and compare it to a built-in time measuring device in order not to carry out a decryption of the encrypted multimedia data stream if the expiration date has been exceeded. This makes it possible for the provider to make encrypted multimedia data available for a limited amount of time, which has the advantage of a much more flexible handling and price setting. This flexibility is further supported by an entry starting date 56 in which it is specified from which point on an encrypted multimedia file is allowed to be decrypted. An encryption device will compare the entry starting date with its built-in watch to only carry out a decryption of the encrypted multimedia data when the current point in time is later than the starting date 56.

The entry allowed replay number 58 indicates how often the encrypted multimedia data stream can be decrypted, that is replayed. This further increases the flexibility of the provider in such a way that it for example only allows a certain number of replays compared to a certain sum which is smaller than a sum which would arise for the unlimited usage of the encrypted multimedia data stream.

For verifying and supporting respectively the entry allowed replay number 58 the license block 30 further includes an entry actual replay number 60 which could be incremented by one for example after each decryption of the encrypted multimedia data stream. A decryption device will thus always check whether the entry actual replay number is smaller than the entry allowed replay number. If this is the case, a decryption of the multimedia data is carried out. If this is not the case, a decryption is no longer carried out.

Analogous to the entries 58 and 60, entries allowed copy numbers 62 and actual copy number 64 are implemented. By means of the two entries 62 and 64 it is made sure that a user of the multimedia data only copies them as often as he or she is allowed to do so by the provider or as often as he or she has paid for when purchasing the multimedia data. By the entries 58 to 64 a more effective copyright protection is assured, a selection between private users and industrial users being attainable for example by setting the entries allowed replay number 58 and allowed copy numbers 62 to a smaller value.

The licensing could for example be designed in such a way that a certain number of copies (entry 62) of the original are allowed while copies of a copy are not allowed. The header of a copy would then, unlike the header of the original, have zero as the entry allowed copy number in such a way that this copy can no longer be copied by a proper encryption/decryption device.

In the example for a multimedia data protection protocol (MMP) shown here the header 12 further contains a payload data information block 32 having in this case only two block payload data entries 66 and 68, the entry 66 containing a hash sum on the total header, while the entry 68 identifies the type of hash algorithm having been used for forming the hash sum on the total header.

In this context reference is made for example to “Applied Cryptography”, Second Edition, John Wiley & Sons, Inc. by Bruce Schneier (ISBN 0417-11709-9) including a detailed illustration of symmetrical encryption algorithms, asymmetrical encryption algorithms and hash algorithms.

The header 12 finally includes the old header block 34 which, along with the synchronizing information which is not shown in FIG. 3, comprises the entry old header 70. In the entry old header 70 the old header can be maintained by the provider if a user performs an encryption himself and thus produces a new header 12, in order not to lose essential information the provider has entered into the header. For this purpose author information (IP information block) could for example count prior user information and distributor information which enables tracing back of a multimedia file which for example has been decrypted and encrypted several times by different instruments to the original provider transparently, the author information being maintained. It is thus possible to check at any point whether an encrypted multimedia file has been acquired legally or illegally.

After having explained the format of the encrypted multimedia data stream and various functionalities of encryption and decryption devices, the method according to the invention for encrypting multimedia data will now be explained referring to FIG. 4. In a preferred application of the present invention the encryption method according to the invention is carried out at the distributor. The distributor preferably carries out a hybrid encryption method, that is a symmetrical encryption method for encrypting the multimedia data and an asymmetrical encryption method for encrypting the multimedia data key.

A customer or user who wants to purchase multimedia data from a distributor at first contacts the distributor and, for example, tells him his credit card number to which the distributor debits the payable amounts. Then the customer receives a table of the symmetrical encryption methods by the distributor. In addition the distributor and the customer exchange their respective public keys. If the user now orders a certain multimedia good from the distributor the distributor performs a customer-selective encryption for this customer.

The detailed steps for producing the encrypted multimedia data stream could look the following way. The distributor at first creates the header 12 for the multimedia file as far as it is possible until then (100). As can be seen from FIG. 3 the output value is not yet available at this point in time. For this reason the entry for the output value is left empty in step 100 in which the header 12 is created as far as possible. All the other entries in the crypt block and all the other entries in the license block however do already exist. The hash sum or else the digital signature in the entry 66 on the total header however is not yet existent, which is why this entry is left empty. The entry old header 70 will very likely remain empty if the multimedia file is encrypted by the distributor for the first time. If, however, the distributor has acquired the encrypted multimedia file from another distributor, the entry 70 may already be filled. In a step 102 the distributor establishes a multimedia data key K which, together with the multimedia data encryption algorithm being identified by the entry 40 (FIG. 3), allows an encryption of the multimedia data, which is carried out in a step 104.

According to the present invention a hash sum on the header is formed, certain parts having a predefined value (step 106). The detailed illustration of the header in FIG. 3 at the right margin contains a column 107 which is to illustrate which parts or entries respectively in the header 12 receive a predefined value when forming a hash sum in step 106 (FIG. 4). The entry output value 64, the entry actual replay number 60, the entry actual copy number 64 and the entry hash sum on the header 66 and, under certain circumstances, the entry old header 70 especially receive a predefined value, as it is illustrated by the dotted cross for the entry 70. Certain parts of the header have to be given a predefined value when the hash sum is formed in step 106, since they are not yet fixed (output value 46) or are changed by a decryption device (entry 60 and 64). The entry 66, that is the hash sum on the header, is not yet fixed either since the output value 46 is naturally also included in it.

The entries distributor 42, user 44 and the entries into the license block 30 are however included when forming the hash sum in step 106 (FIG. 4), whereby a personalization and protection respectively of the license block entries can be achieved since the hash sum obtained in step 106 is linked with the multimedia data key to obtain a basic value (step 108).

Then the basic value obtained in step 108 is encrypted asymmetrically by means of the public key (O) of the customer (step 110). To render the encrypted multimedia data stream to a transferable format, the header is finally completed (step 112) in such a way that the output value 46 is entered into the header already created in step 100.

Unlike the embodiment shown in FIG. 4, the order of the steps can be exchanged. The entire encryption of the multimedia data key could for example be carried out first, the encryption of the multimedia data then being performed. In addition the hash sum on the header could be established before the multimedia data key is generated. Further variations are possible. Step 108 can of course also be carried out after the hash sum has been established. Furthermore step 110 may only be carried out after a basic value has been established.

A symmetrical encryption method is preferably used for encrypting the multimedia data with the multimedia data key in step 104 since, in this case, relatively large amounts of data have to be encrypted and decrypted. Symmetrical encryption methods, as is well known, are faster than asymmetrical encryption methods as they are employed in step 110 for encrypting the multimedia data key.

It is also preferred that the multimedia data key K is generated by means of a random number generator in such a way that the basic value generated in step 108 always takes a different form for one and the same customer to make an attack on the cryptographic system as difficult as possible.

The linkage operation to link the hash sum and the multimedia data key K should, as will be explained referring to FIG. 5, be a self-inverse linkage. Such a self-inverse linkage would be the XOR-linkage. Self-inverse means that applying this linkage two times yields a result equal to the output value. It is also possible that the linkage function of FIG. 5 is the inverse function of that of FIG. 4. The linkage function thus only has to be reversible, that is there must be a reverse function of it.

In step 110 an asymmetrical encryption method is carried out according to the invention. As is known, there are two keys in an asymmetrical encryption method, with the help of which an encryption and decryption respectively are possible, the keys being different from each other. One key is called private key P while the other key is called public key O. Asymmetrical encryption methods in general have the property that data to be encrypted having been encrypted by means of the private key can be decrypted again by the public key. In an analogous way data to be encrypted having been encrypted by means of the public key are decrypted again by means of the private key. Thus it can be deduced that the private and public keys are in general exchangeable.

An aspect of the present invention is that the header, in steps 106 and 108, is included in the encryption of the multimedia data key. Alternatively parts of the payload data block may also be included, whereby the entire multimedia data stream would become useless due to a disallowed manipulation of the payload data since it will no longer be possible in this case to calculate the multimedia data key in the decryption device.

Although it has been mentioned in step 106 that a hash sum on the header is formed, it is also pointed out that each processing of a part of the multimedia data stream to derive information marking the part of the multimedia data stream can be employed. The more complicated the hash algorithm used herein is, the safer the encrypted multimedia data stream will be from attackers who want to crack it to modify the license information and the distributor or user information respectively for example for their (illegal) purposes.

Now reference is made to FIG. 5 which shows a flow chart of the decryption method which is possibly performed by a customer. In a step 120 the customer at first reads the output value from the header of the encrypted multimedia data stream. Then he performs a decryption of this output value by means of the respective asymmetrical decryption (step 122). Then the decryption device at the customer forms a hash sum on the header, certain parts which had predefined values when encrypted also receiving the same predefined value in a step 124. Then the hash sum with the decrypted output value (step 122) is linked, whereby the multimedia data key is formed (step 126). In a step 128 the encrypted multimedia data is finally decrypted by means of the multimedia data key obtained in step 126.

It is evident that the decryption method is basically the reversal of the encryption method having been described referring to the flow chart of FIG. 4. In the decryption method shown in FIG. 5 several steps may also be exchanged. Thus, the hash sum on the header could for example be formed (124), after which the output value is decrypted by means of the public key (step 122). Reading the output value from the header (step 120) could for example be performed after step 124 but in any case in front of step 126. Step 128 will only be possible after step 126 has been performed since it yields the multimedia data key.

The decryption method shown in FIG. 5 expresses by means of step 124, what will happen if a customer modifies the header 12 which is usually unencrypted and very easily susceptible for attackers. A change of the license information of the beginning and the end dates for example would however inevitably result in the hash sum on the header, formed in step 124, having a different value than the hash sum formed in step 106 (FIG. 4) during the encryption. The repeated linkage of the hash sum in step 126 (FIG. 5) will thus no longer result in the correct multimedia data key since the two hash sums, that is the hash sum during the encryption and the hash sum during the decryption, are different from each other. Thus the entire multimedia data is useless since it can no longer be decrypted correctly since it is no longer possible, due to the manipulation of the header, to calculate the multimedia data key the encryption device has employed. Any change of the header thus automatically leads to the destruction of the multimedia data itself.
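The key handling of steps 106 to 112 and 120 to 126 can be followed in the sketch below, which is an added example and not code from the patent. It assumes SHA-256 truncated to 128 bits as the hash sum, JSON as the header serialization, textbook RSA over two Mersenne primes as a stand-in for the asymmetrical method, and hypothetical header field names; it shows that an entry hashed with a predefined value (the replay counter) may change without losing the key, while an edited license entry yields a wrong key.

```python
import hashlib
import json
import secrets

# Toy RSA key pair of the customer, built from two Mersenne primes.
# Assumption for illustration only: far too weak and unpadded for real use.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q                               # public modulus (public key O = (E, N))
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (private key P)

# Entries not yet fixed when hashing, or changed later by the decryption device.
PREDEFINED = ("output_value", "actual_replay_number",
              "actual_copy_number", "header_hash")

def header_hash(header):
    """Hash sum on the header with the PREDEFINED entries set to a fixed value (0)."""
    masked = {k: (0 if k in PREDEFINED else v) for k, v in header.items()}
    digest = hashlib.sha256(json.dumps(masked, sort_keys=True).encode()).digest()
    return int.from_bytes(digest[:16], "big")       # 128 bits, same width as K

def wrap_key(header, key):
    """Steps 106-112: hash, XOR-link with K, encrypt with the public key, enter."""
    basic_value = header_hash(header) ^ key          # step 108
    completed = dict(header)
    completed["output_value"] = pow(basic_value, E, N)   # steps 110 and 112
    return completed

def unwrap_key(header):
    """Steps 120-126: read and decrypt the output value, re-hash, XOR-link again."""
    basic_value = pow(header["output_value"], D, N)  # steps 120 and 122
    return basic_value ^ header_hash(header)         # steps 124 and 126

def demo():
    key = secrets.randbits(128)                      # step 102: random key K
    header = {                                       # constructed sample header
        "distributor": "distributor-A", "user": "customer-1",
        "license": {"start": "2000-01-01", "end": "2000-12-31", "replays": 5},
        "actual_replay_number": 0, "actual_copy_number": 0,
        "output_value": None, "header_hash": None, "old_header": None,
    }
    sent = wrap_key(header, key)
    played = dict(sent, actual_replay_number=1)      # counter updated by the player
    tampered = dict(sent, license={"start": "2000-01-01",
                                   "end": "2099-12-31", "replays": 5})
    return key, unwrap_key(sent), unwrap_key(played), unwrap_key(tampered)

if __name__ == "__main__":
    k, ok, after_play, after_edit = demo()
    print(ok == k, after_play == k, after_edit == k)
```

The value recovered from the tampered header differs from K by the XOR of the two hash sums, so a symmetric decryption of the payload with it produces unusable data.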

1. Method for producing a payload data stream comprising a header and a payload data block containing encrypted payload data, comprising the following steps: generating a payload data key for a payload data encryption algorithm for encrypting payload data, the payload data having a first section and a second section, the first section and the second section including audio data, video data, a combination of audio data and video data, or binary data forming an executable program; encrypting the audio data, video data, a combination of audio data and video data, or binary data forming an executable program of the first section of the payload data using said payload data key and said payload data encryption algorithm to obtain an encrypted section of said payload data block of said payload data stream, wherein the second section of the payload data remains unencrypted; processing the audio data, video data, a combination of audio data and video data, or binary data forming an executable program of the unencrypted second section of said payload data to deduce information characterizing the unencrypted second section of said payload data; linking said information and said payload data key by means of an invertible logic linkage to obtain a basic value; encrypting said basic value using a key of two keys being different from each other by an asymmetrical encryption method, said two different keys being the public and the private keys respectively for said asymmetrical encryption method, to obtain an output value being an encrypted version of said payload data key; and entering said output value into said header of said payload data stream.
2. Method according to claim 1, in which said payload data encryption algorithm is a symmetrical encryption algorithm.
3. Method according to claim 1, in which said invertible logic linkage is self-inverting and includes an XOR-linkage.
4. Method according to claim 1, in which one key of said two keys being different from each other is the private key of a producer of said payload data stream or the public key of a consumer of said payload data stream.
5. Method according to claim 1, in which said part of said payload data stream being processed to deduce said information includes at least a part of said header.
6. Method according to claim 1, in which said step of processing comprises forming a hash sum.
7. Method according to claim 1, further comprising the following step: identifying an algorithm being used in said step of processing by an entry into said header.
8. Method according to claim 1, further comprising the following step: entering license data into said header, said license data referring to in which way said payload data stream is allowed to be employed.
9. Method according to claim 8, in which said license data indicates how often said payload data stream is allowed to be replayed and how often it has already been replayed.
10. Method according to claim 8, in which said license data indicates how often the contents of said payload data stream is allowed to be copied and how often it has already been copied.
11. Method according to claim 8, in which said license data indicates from when on said payload data stream is no longer allowed to be employed.
12. Method according to claim 8, in which said license data indicates from when on said payload data stream is allowed to be decrypted.
13. Method according to claim 8, in which said part of said payload data stream being processed to deduce said information includes said license data.
14. Method according to claim 1, in which said step of processing further comprises the following substep: setting said entry for said output value in said header to a defined value and processing said entire header, including said entry set to a defined value.
15. Method according to claim 1, further comprising the following steps: identifying the supplier of said payload data stream by a supplier entry into said header; identifying the user of said payload data stream by a user entry into said header of said payload data stream, said supplier entry and said user entry belonging to said part of said payload data stream being processed to deduce said information.
16. Method according to claim 1, further comprising the following step: identifying said payload data encryption algorithm by an entry into said header of said payload data stream.
17. Method for decrypting an encrypted payload data stream comprising a header and a payload data block containing a first section having encrypted payload data and a second section having unencrypted payload data, the first section and the second section including audio data, video data, a combination of audio data and video data, or binary data forming an executable program, said header comprising an output value having been generated by an encryption of a basic value by an asymmetrical encryption method using a key of two different keys including a private and a public key, said basic value representing a linkage of a payload data key, with which said first section having encrypted audio data, video data, a combination of audio data and video data, or binary data forming an executable program as payload data is encrypted using a payload data encryption algorithm, and information deduced by a certain processing of audio data, video data, a combination of audio data and video data, or binary data forming an executable program of the unencrypted second section of the payload data, said information characterizing a certain part of said payload data stream unambiguously, said method comprising the following steps: obtaining said output value from said header; decrypting said output value using the other key of said asymmetrical encryption method to obtain said basic value; processing the audio data, video data, a combination of audio data and video data, or binary data forming an executable program of the unencrypted second section of said payload data using the processing method used when encrypting to deduce information characterizing the unencrypted second section; linking said information and said basic value using the corresponding linkage as it has been used when encrypting to obtain said payload data key; and decrypting the audio data, video data, a combination of audio data and video data, or binary data forming an executable program of the first section containing the encrypted payload data using said payload data key and said payload data encryption algorithm used when encrypting.
18. Method according to claim 17, in which said header comprises license information referring to in what way said payload data stream can be employed.
19. Method according to claim 18, further comprising the following steps: checking whether said license information allows a decryption; and if a decryption is not allowed, cancelling said decryption method.
20. Method according to claim 17, in which said part being processed to deduce said information is said header.
21. Method according to claim 17, in which said header comprises a user entry, said method further comprising the following steps: checking by means of said user entry whether a current user is authorized; and if the user is not authorized, cancelling said decryption method.
22. Method according to claim 17, in which one key having been used when encrypting is the private key of said asymmetrical encryption method, while the other key having been used when decrypting is the public key of said asymmetrical encryption method.
23. Method according to claim 17, in which one key having been used when encrypting is the public key of said asymmetrical encryption method, while the other key having been used when decrypting is the private key of said asymmetrical encryption method.
24. Method according to claim 17, in which said step of processing includes forming a hash sum.
25. Method according to claim 17, in which a part of said header having been set to a defined value for said step of processing when encrypting is set to the same defined value for said step of processing when decrypting.
26. Method according to claim 25, in which said part of said header being set to a defined value includes said entry for said output value of said header.
27. Method according to claim 17, in which said step of linking comprises using an XOR-linkage.
28. Device for producing an encrypted payload data stream comprising a header and a payload data block containing encrypted payload data, comprising: a generator for generating a payload data key for a payload data encryption algorithm for encrypting said payload data, the payload data having a first section and a second section, the first section and the second section including audio data, video data, a combination of audio data and video data, or binary data forming an executable program; a first encryptor for encrypting the audio data, video data, a combination of audio data and video data, or binary data forming an executable program of the first section of the payload data using said payload data key and said payload data encryption algorithm to obtain an encrypted section of said payload data block of said payload data stream, wherein the second section of the payload data remains unencrypted; a processor for processing the audio data, video data, a combination of audio data and video data, or binary data forming an executable program of the unencrypted second section of the payload data stream to deduce information characterizing the unencrypted second section of the payload data; a linker for linking said information and said payload data key by means of an invertible logic linkage to obtain a basic value; a second encryptor for encrypting said basic value using a key of two keys being different from each other by an asymmetrical encryption method, said two different keys being the public and the private keys respectively for said asymmetrical encryption method to obtain an output value being an encrypted version of said payload data key; and means for entering said output value into said header of said payload data stream.
29. Device for decrypting an encrypted payload data stream comprising a header and a block containing a first section having encrypted payload data and a second section having unencrypted payload data, the first section and the second section including audio data, video data, a combination of audio data and video data, or binary data forming an executable program, said header comprising an output value having been generated by an encryption of a basic value by an asymmetrical encryption method using a key of two different keys including a private and a public key, said basic value representing a linkage of a payload data key, with which said first section having encrypted audio data, video data, a combination of audio data and video data, or binary data forming an executable program as payload data is encrypted using a payload data encryption algorithm, and information deduced by a certain processing of audio data, video data, a combination of audio data and video data, or binary data forming an executable program of the unencrypted second section of the payload data, said information characterizing a certain part of said payload data stream unambiguously, said device further comprising: means for obtaining said output value from said header; a first decryptor for decrypting said output value using said other key and said asymmetrical encryption method to obtain said basic value; a processor for processing the audio data, video data, a combination of audio data and video data, or binary data forming an executable program of the unencrypted second section of the payload data using the processing method used when encrypting to deduce information characterizing the unencrypted second section; a linker for linking said information and said basic value using the corresponding linkage as it has been used when encrypting to obtain said payload data key; and a second decryptor for decrypting the audio data, video data, a combination of audio data and video data, or binary data forming an executable program of the first section containing the encrypted payload data using said payload data key and said payload data encryption algorithm used when encrypting.
30. Device according to claim 28 or 29, which is implemented as a personal computer, a stereo system, a car hi-fi instrument, a solid state player or a replay instrument containing a hard disk or a CD-ROM.